X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fsha%2Fsha512.c;h=aab1f1e8d457931fac527beddd9cdc74c6a7ff6c;hp=e48e2febbe3b5a0803002ce50d38ca10b563648a;hb=da3bd2779dffae5980ebfb291c82ad8aba0b8e74;hpb=ce6aa1e49607b21c0cb712f38b97d8fa80f6051d diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index e48e2febbe..aab1f1e8d4 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -50,9 +50,13 @@ #include "cryptlib.h" -const char *SHA512_version="SHA-512" OPENSSL_VERSION_PTEXT; +__fips_constseg +const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; -#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64) +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) || \ + defined(SHA512_ASM) #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA #endif @@ -66,6 +70,7 @@ int SHA384_Init (SHA512_CTX *c) c->h[5]=U64(0x8eb44a8768581511); c->h[6]=U64(0xdb0c2e0d64f98fa7); c->h[7]=U64(0x47b5481dbefa4fa4); + c->Nl=0; c->Nh=0; c->num=0; c->md_len=SHA384_DIGEST_LENGTH; return 1; @@ -81,6 +86,7 @@ int SHA512_Init (SHA512_CTX *c) c->h[5]=U64(0x9b05688c2b3e6c1f); c->h[6]=U64(0x1f83d9abfb41bd6b); c->h[7]=U64(0x5be0cd19137e2179); + c->Nl=0; c->Nh=0; c->num=0; c->md_len=SHA512_DIGEST_LENGTH; return 1; @@ -89,7 +95,7 @@ int SHA512_Init (SHA512_CTX *c) #ifndef SHA512_ASM static #endif -void sha512_block (SHA512_CTX *ctx, const void *in, size_t num); +void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); int SHA512_Final (unsigned char *md, SHA512_CTX *c) { @@ -100,7 +106,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c) n++; if (n > (sizeof(c->u)-16)) memset (p+n,0,sizeof(c->u)-n), n=0, - sha512_block (c,p,1); + sha512_block_data_order (c,p,1); memset (p+n,0,sizeof(c->u)-16-n); #ifdef B_ENDIAN @@ -125,7 +131,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c) p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); #endif - sha512_block (c,p,1); + sha512_block_data_order (c,p,1); if (md==0) return 0; @@ -191,13 +197,13 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) if (len < n) { - memcpy (p+c->num,data,len), c->num += len; + memcpy (p+c->num,data,len), c->num += (unsigned int)len; return 1; } else { memcpy (p+c->num,data,n), c->num = 0; len-=n, data+=n; - sha512_block (c,p,1); + sha512_block_data_order (c,p,1); } } @@ -207,12 +213,12 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) if ((size_t)data%sizeof(c->u.d[0]) != 0) while (len >= sizeof(c->u)) memcpy (p,data,sizeof(c->u)), - sha512_block (c,p,1), + sha512_block_data_order (c,p,1), len -= sizeof(c->u), data += sizeof(c->u); else #endif - sha512_block (c,data,len/sizeof(c->u)), + sha512_block_data_order (c,data,len/sizeof(c->u)), data += len, len %= sizeof(c->u), data -= len; @@ -227,7 +233,7 @@ int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) { return SHA512_Update (c,data,len); } void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) -{ sha512_block (c,data,1); } +{ sha512_block_data_order (c,data,1); } unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) { @@ -256,6 +262,7 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) } #ifndef SHA512_ASM +__fips_constseg static const SHA_LONG64 K512[80] = { U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd), U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc), @@ -301,7 +308,7 @@ static const SHA_LONG64 K512[80] = { #ifndef PEDANTIC # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if defined(__x86_64) || defined(__x86_64__) -# define ROTR(a,n) ({ unsigned long ret; \ +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("rorq %1,%0" \ : "=r"(ret) \ : "J"(n),"0"(a) \ @@ -315,29 +322,30 @@ static const SHA_LONG64 K512[80] = { # elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) # if defined(I386_ONLY) # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi,lo; \ + unsigned int hi=p[0],lo=p[1]; \ asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ "roll $16,%%eax; roll $16,%%edx; "\ "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ : "=a"(lo),"=d"(hi) \ - : "0"(p[1]),"1"(p[0]) : "cc"); \ + : "0"(lo),"1"(hi) : "cc"); \ ((SHA_LONG64)hi)<<32|lo; }) # else # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi,lo; \ + unsigned int hi=p[0],lo=p[1]; \ asm ("bswapl %0; bswapl %1;" \ : "=r"(lo),"=r"(hi) \ - : "0"(p[1]),"1"(p[0])); \ + : "0"(lo),"1"(hi)); \ ((SHA_LONG64)hi)<<32|lo; }) # endif -# elif defined(_ARCH_PPC) && defined(__64BIT__) -# define ROTR(a,n) ({ unsigned long ret; \ +# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("rotrdi %0,%1,%2" \ : "=r"(ret) \ : "r"(a),"K"(n)); ret; }) # endif # elif defined(_MSC_VER) # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# pragma intrinsic(_rotr64) # define ROTR(a,n) _rotr64((a),n) # endif # if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) @@ -361,6 +369,9 @@ static const SHA_LONG64 K512[80] = { } # endif # define PULL64(x) __pull64be(&(x)) +# if _MSC_VER<=1200 +# pragma inline_depth(0) +# endif # endif # endif #endif @@ -382,27 +393,74 @@ static const SHA_LONG64 K512[80] = { #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -#define GO_FOR_SSE2(ctx,in,num) do { \ - void sha512_block_sse2(void *,const void *,size_t); \ - if (!(OPENSSL_ia32cap_P & (1<<26))) break; \ - sha512_block_sse2(ctx->h,in,num); return; \ - } while (0) + +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) +/* + * This code should give better results on 32-bit CPU with less than + * ~24 registers, both size and performance wise... + */ +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) + { + const SHA_LONG64 *W=in; + SHA_LONG64 A,E,T; + SHA_LONG64 X[9+80],*F; + int i; + + while (num--) { + + F = X+80; + A = ctx->h[0]; F[1] = ctx->h[1]; + F[2] = ctx->h[2]; F[3] = ctx->h[3]; + E = ctx->h[4]; F[5] = ctx->h[5]; + F[6] = ctx->h[6]; F[7] = ctx->h[7]; + + for (i=0;i<16;i++,F--) + { +#ifdef B_ENDIAN + T = W[i]; +#else + T = PULL64(W[i]); #endif + F[0] = A; + F[4] = E; + F[8] = T; + T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; + E = F[3] + T; + A = T + Sigma0(A) + Maj(A,F[1],F[2]); + } + + for (;i<80;i++,F--) + { + T = sigma0(F[8+16-1]); + T += sigma1(F[8+16-14]); + T += F[8+16] + F[8+16-9]; + + F[0] = A; + F[4] = E; + F[8] = T; + T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; + E = F[3] + T; + A = T + Sigma0(A) + Maj(A,F[1],F[2]); + } + + ctx->h[0] += A; ctx->h[1] += F[1]; + ctx->h[2] += F[2]; ctx->h[3] += F[3]; + ctx->h[4] += E; ctx->h[5] += F[5]; + ctx->h[6] += F[6]; ctx->h[7] += F[7]; + + W+=SHA_LBLOCK; + } + } -#ifdef OPENSSL_SMALL_FOOTPRINT +#elif defined(OPENSSL_SMALL_FOOTPRINT) -static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) { const SHA_LONG64 *W=in; SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; SHA_LONG64 X[16]; int i; -#ifdef GO_FOR_SSE2 - GO_FOR_SSE2(ctx,in,num); -#endif - while (num--) { a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; @@ -447,23 +505,19 @@ static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) h = Sigma0(a) + Maj(a,b,c); \ d += T1; h += T1; } while (0) -#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ - s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ - s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ - T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ - ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) +#define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ + ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0) -static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) { const SHA_LONG64 *W=in; SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; SHA_LONG64 X[16]; int i; -#ifdef GO_FOR_SSE2 - GO_FOR_SSE2(ctx,in,num); -#endif - while (num--) { a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; @@ -505,16 +559,24 @@ static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); #endif - for (i=16;i<80;i+=8) + for (i=16;i<80;i+=16) { - ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X); - ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X); - ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X); - ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X); - ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X); - ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X); - ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X); - ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X); + ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X); + ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X); + ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X); + ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X); + ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X); + ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X); + ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X); + ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X); + ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X); + ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X); + ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X); + ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X); + ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X); + ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X); + ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X); + ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X); } ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; @@ -528,4 +590,10 @@ static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) #endif /* SHA512_ASM */ -#endif /* OPENSSL_NO_SHA512 */ +#else /* !OPENSSL_NO_SHA512 */ + +#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) +static void *dummy=&dummy; +#endif + +#endif /* !OPENSSL_NO_SHA512 */